PROBLEM:
Pidgin SILC (Secure Internet Live Conferencing) Protocol Denial of Service Vulnerability.
PLATFORM:
Versions Prior to Pidgin 2.10.1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux Optional Productivity Application 5 server
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop version 4
Red Hat Enterprise Linux Desktop 5 client
Red Hat Enterprise Linux AS 4
ABSTRACT:
An attacker can exploit these issues by constructing and submitting a specially crafted SILC message. Successful exploits will cause the affected application to crash.
REFERENCE LINKS:
Pidgin Security Advisory
Red Hat Bugzilla Bug 766446
Red Hat Advisory: RHSA-2011:1820-1
CVE-2011-4603
IMPACT ASSESSMENT:
Medium
Discussion:
Pidgin is prone to a denial-of-service vulnerability. When receiving various incoming messages, the SILC protocol plugin failed to validate that a piece of text was UTF-8. In some cases invalid UTF-8 data would lead to a crash, effectively denying service to legitimate users. Due to the nature of this issue, remote code execution may be possible; this has not been confirmed.
Impact:
An attacker can exploit these issues by constructing and submitting a specially crafted SILC message. Successful exploits will cause the affected application to crash.
Solution:
Updates are available. Download Pidgin 2.10.1.